John Leitch

89 exploits, active since Jun 2010
EIP-2026-115131 EXPLOITDB python WORKING POC
ddrLPD 1.0 - Remote Denial of Service
EIP-2026-115092 EXPLOITDB python WORKING POC
Core FTP Server 1.0.343 - Directory Traversal
EIP-2026-114130 EXPLOITDB text WORKING POC
WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting
CVE-2010-4518 EXPLOITDB text WRITEUP
Wobeo Wp-safe-search - XSS
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
EIP-2026-114030 EXPLOITDB text WORKING POC
WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal
CVE-2011-5267 EXPLOITDB text WRITEUP
Wikiwig - XSS
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
EIP-2026-114387 EXPLOITDB php WORKING POC
WS Interactive Automne 4.1 - '/admin/upload-controler.php' Arbitrary File Upload
EIP-2026-114281 EXPLOITDB text WORKING POC
WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting
EIP-2026-114240 EXPLOITDB text WORKING POC
WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting
CVE-2010-4875 EXPLOITDB text WRITEUP
Vodpod Video Gallery Plugin <3.1.5 - XSS
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
CVE-2011-5267 EXPLOITDB text WORKING POC
Wikiwig - XSS
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
CVE-2010-4747 EXPLOITDB text WRITEUP
WordPress Processing Embed <0.5 - XSS
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
EIP-2026-113967 EXPLOITDB text WORKING POC
WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting
EIP-2026-113849 EXPLOITDB text WORKING POC
WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure
EIP-2026-113742 EXPLOITDB text WORKING POC
WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting
CVE-2011-1669 EXPLOITDB text WORKING POC
WP Custom Pages <0.5.0.1 - Path Traversal
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
EIP-2026-113426 EXPLOITDB text WRITEUP
Wiki Web Help 0.2.7 - Cross-Site Scripting / HTML Injection
EIP-2026-113157 EXPLOITDB text WORKING POC
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
EIP-2026-113265 EXPLOITDB text WORKING POC
webEdition CMS 6.1.0.2 - Multiple Vulnerabilities
CVE-2010-4873 EXPLOITDB text WRITEUP
WeBid 0.8.5 P1 - XSS
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-112687 EXPLOITDB text WORKING POC
Time and Expense Management System - Multiple Vulnerabilities
EIP-2026-112681 EXPLOITDB text WRITEUP
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
EIP-2026-112588 EXPLOITDB text WORKING POC
Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection
CVE-2010-2153 EXPLOITDB python WORKING POC
Tecnick Tcexam - Unrestricted File Upload
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.
EIP-2026-112307 EXPLOITDB python WORKING POC
SocialABC NetworX 1.0.3 - Arbitrary File Upload / Cross-Site Scripting